zip-extensions 0.14.1

An extension crate for zip.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

use super::util;
use crate::audit::entry_audit_handler::EntryAuditHandler;
use crate::audit::entry_view::EntryView;
use crate::audit::report::{SuspiciousEntry, SuspiciousReason, ZipAuditReport};

pub struct NamesHandler;

/// An `NamesHandler` is used to track and report on suspicious (odd or OS-incompatible) names,
/// which often indicate obfuscation or extraction issues. For instance, the handler flags long
/// paths and very deep hierarchies, control characters in names, and certain reserved names.
impl EntryAuditHandler for NamesHandler {
    fn visit(&mut self, view: &EntryView, report: &mut ZipAuditReport) {
        Self::detect_long_name(&view, report);
        Self::detect_control_chars(&view, report);
        Self::detect_windows_reserved_name(&view, report);
    }
}

impl NamesHandler {
    fn detect_long_name(view: &&EntryView, report: &mut ZipAuditReport) {
        if util::path_is_extremely_long(&view.name_raw) {
            report.suspicious_entries.push(SuspiciousEntry {
                name: view.enclosed_name.clone(),
                reason: SuspiciousReason::ExtremelyLongPath,
            });
        }
    }

    fn detect_control_chars(view: &&EntryView, report: &mut ZipAuditReport) {
        if util::contains_control_chars(&view.name_raw) {
            report.suspicious_entries.push(SuspiciousEntry {
                name: view.enclosed_name.clone(),
                reason: SuspiciousReason::ControlCharsInName,
            });
        }
    }

    fn detect_windows_reserved_name(view: &&EntryView, report: &mut ZipAuditReport) {
        if util::is_windows_reserved_name(&view.enclosed_name) {
            report.suspicious_entries.push(SuspiciousEntry {
                name: view.enclosed_name.clone(),
                reason: SuspiciousReason::WindowsReservedName,
            });
        }
    }
}